DOS-2635: ad powershell fixes (#605)

* DSOS-2635: fixes to AD DomainController powershell * fix
ministryofjustice · Mar 11, 2024 · 5acddad · 5acddad
1 parent 1425b2a
commit 5acddad
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1 b/powershell/Scripts/ModPlatformAD/Install-ModPlatformADDomainController.ps1
@@ -42,9 +42,22 @@ if ($DFSReplicationStatus -eq $null) {
   $ADAdminCredential = Get-ModPlatformADAdminCredential -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret
   $ADSafeModeAdministratorPassword = Get-ModPlatformADSafeModeAdministratorPassword -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret
   Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
-  Install-ADDSDomainController -DomainName $ADConfig.DomainNameFQDN -InstallDns:$true -Credential $ADAdminCredential -SafeModeAdministratorPassword $ADSafeModeAdministratorPassword -NoRebootOnCompletion -Force
+  Install-ADDSDomainController `
+   -DomainName $ADConfig.DomainNameFQDN `
+   -InstallDns:$true `
+   -Credential $ADAdminCredential `
+   -SafeModeAdministratorPassword $ADSafeModeAdministratorPassword `
+   -NoRebootOnCompletion `
+   -NoGlobalCatalog:$false `
+   -CreateDnsDelegation:$false `
+   -CriticalReplicationOnly:$false `
+   -DatabasePath "C:\Windows\NTDS" `
+   -LogPath "C:\Windows\NTDS" `
+   -SysvolPath "C:\Windows\SYSVOL" `
+   -SiteName "Default-First-Site-Name" `
+   -Force
   Exit 3010 # triggers reboot if running from SSM Doc
 } else {
-  $Services='DNS','DFS Replication','Intersite Messaging','Kerberos Key Distribution Center','NetLogon',’Active Directory Domain Services’
+  $Services='DNS','DFS Replication','Intersite Messaging','Kerberos Key Distribution Center','NetLogon','Active Directory Domain Services'
   ForEach ($Service in $Services) {Get-Service $Service | Select-Object Name, Status}
 }
diff --git a/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1 b/powershell/Scripts/ModPlatformAD/Uninstall-ModPlatformADDomainController.ps1
@@ -36,6 +36,6 @@ $DFSReplicationStatus = Get-Service "DFS Replication" -ErrorAction SilentlyConti
 if ($DFSReplicationStatus -ne $null) {
   $ADAdminCredential = Get-ModPlatformADAdminCredential -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret
   $ADSafeModeAdministratorPassword = Get-ModPlatformADSafeModeAdministratorPassword -ModPlatformADConfig $ADConfig -ModPlatformADSecret $ADSecret
-  Uninstall-ADDSDomainController -Credential $ADAdminCredential -NoRebootOnCompletion -Force
+  Uninstall-ADDSDomainController -Credential $ADAdminCredential -NoRebootOnCompletion -DemoteOperationMasterRole -ForceRemoval -Force
   Exit 3010 # triggers reboot if running from SSM Doc
 }